Executive Summary

Informations
Name CVE-2014-5120 First vendor Publication 2014-08-22
Vendor Cve Last vendor Modification 2016-10-26

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:P)
Cvss Base Score 6.4 Attack Range Network
Cvss Impact Score 4.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via crafted input to an application that calls the (1) imagegd, (2) imagegd2, (3) imagegif, (4) imagejpeg, (5) imagepng, (6) imagewbmp, or (7) imagewebp function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5120

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-20 Improper Input Validation

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:27173
 
Oval ID: oval:org.mitre.oval:def:27173
Title: ELSA-2014-1327 -- php security update (moderate)
Description: [5.4.16-23.1] - gd: fix NULL pointer dereference in gdImageCreateFromXpm(). CVE-2014-2497 - gd: fix NUL byte injection in file names. CVE-2014-5120 - fileinfo: fix extensive backtracking in regular expression (incomplete fix for CVE-2013-7345). CVE-2014-3538 - fileinfo: fix mconvert incorrect handling of truncated pascal string size. CVE-2014-3478 - fileinfo: fix cdf_read_property_info (incomplete fix for CVE-2012-1571). CVE-2014-3587 - spl: fix use-after-free in ArrayIterator due to object change during sorting. CVE-2014-4698 - spl: fix use-after-free in SPL Iterators. CVE-2014-4670 - network: fix segfault in dns_get_record (incomplete fix for CVE-2014-4049). CVE-2014-3597
Family: unix Class: patch
Reference(s): ELSA-2014-1327
CVE-2014-2497
CVE-2014-3478
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120
Version: 3
Platform(s): Oracle Linux 7
Product(s): php
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27209
 
Oval ID: oval:org.mitre.oval:def:27209
Title: RHSA-2014:1327: php security update (Moderate)
Description: PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. PHP's fileinfo module provides functions used to identify a particular file according to the type of data contained by the file. A buffer overflow flaw was found in the way the File Information (fileinfo) extension processed certain Pascal strings. A remote attacker able to make a PHP application using fileinfo convert a specially crafted Pascal string provided by an image file could cause that application to crash. (CVE-2014-3478) Multiple flaws were found in the File Information (fileinfo) extension regular expression rules for detecting various files. A remote attacker could use either of these flaws to cause a PHP application using fileinfo to consume an excessive amount of CPU. (CVE-2014-3538) It was found that the fix for CVE-2012-1571 was incomplete; the File Information (fileinfo) extension did not correctly parse certain Composite Document Format (CDF) files. A remote attacker could use this flaw to crash a PHP application using fileinfo via a specially crafted CDF file. (CVE-2014-3587) It was found that PHP's gd extension did not properly handle file names with a null character. A remote attacker could possibly use this flaw to make a PHP application access unexpected files and bypass intended file system access restrictions. (CVE-2014-5120) A NULL pointer dereference flaw was found in the gdImageCreateFromXpm() function of PHP's gd extension. A remote attacker could use this flaw to crash a PHP application using gd via a specially crafted X PixMap (XPM) file. (CVE-2014-2497) Multiple buffer over-read flaws were found in the php_parserr() function of PHP. A malicious DNS server or a man-in-the-middle attacker could possibly use this flaw to execute arbitrary code as the PHP interpreter if a PHP application used the dns_get_record() function to perform a DNS query. (CVE-2014-3597) Two use-after-free flaws were found in the way PHP handled certain Standard PHP Library (SPL) Iterators and ArrayIterators. A malicious script author could possibly use either of these flaws to disclose certain portions of server memory. (CVE-2014-4670, CVE-2014-4698) The CVE-2014-3478 issue was discovered by Francisco Alonso of Red Hat Product Security, the CVE-2014-3538 issue was discovered by Jan KaluЕѕa of the Red Hat Web Stack Team, and the CVE-2014-3597 issue was discovered by David KutГЎlek of the Red Hat BaseOS QE. All php users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:1327-00
CESA-2014:1327
CVE-2014-2497
CVE-2014-3478
CVE-2014-3538
CVE-2014-3587
CVE-2014-3597
CVE-2014-4670
CVE-2014-4698
CVE-2014-5120
Version: 3
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): php
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 68

Nessus® Vulnerability Scanner

Date Description
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_10_10_3.nasl - Type : ACT_GATHER_INFO
2015-04-10 Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2015-004.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-415.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-10-01 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-1327.nasl - Type : ACT_GATHER_INFO
2014-09-17 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-546.nasl - Type : ACT_GATHER_INFO
2014-09-12 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-172.nasl - Type : ACT_GATHER_INFO
2014-09-05 Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2014-247-01.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9679.nasl - Type : ACT_GATHER_INFO
2014-09-03 Name : The remote Fedora host is missing a security update.
File : fedora_2014-9684.nasl - Type : ACT_GATHER_INFO
2014-08-30 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201408-11.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_4_32.nasl - Type : ACT_GATHER_INFO
2014-08-27 Name : The remote web server uses a version of PHP that is affected by multiple vuln...
File : php_5_5_16.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
APPLE http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html
CONFIRM http://php.net/ChangeLog-5.php
http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html
https://bugs.php.net/bug.php?id=67730
https://support.apple.com/HT204659
REDHAT http://rhn.redhat.com/errata/RHSA-2014-1327.html
http://rhn.redhat.com/errata/RHSA-2014-1765.html
http://rhn.redhat.com/errata/RHSA-2014-1766.html
SUSE http://lists.opensuse.org/opensuse-updates/2014-09/msg00024.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
Date Informations
2024-02-02 01:28:24
  • Multiple Updates
2024-02-01 12:08:24
  • Multiple Updates
2023-09-05 12:26:55
  • Multiple Updates
2023-09-05 01:08:17
  • Multiple Updates
2023-09-02 12:26:55
  • Multiple Updates
2023-09-02 01:08:24
  • Multiple Updates
2023-08-12 12:29:19
  • Multiple Updates
2023-08-12 01:07:54
  • Multiple Updates
2023-08-11 12:25:03
  • Multiple Updates
2023-08-11 01:08:06
  • Multiple Updates
2023-08-06 12:24:20
  • Multiple Updates
2023-08-06 01:07:52
  • Multiple Updates
2023-08-04 12:24:24
  • Multiple Updates
2023-08-04 01:07:57
  • Multiple Updates
2023-07-14 12:24:23
  • Multiple Updates
2023-07-14 01:07:55
  • Multiple Updates
2023-03-29 01:26:12
  • Multiple Updates
2023-03-28 12:08:16
  • Multiple Updates
2022-10-11 12:22:00
  • Multiple Updates
2022-10-11 01:08:04
  • Multiple Updates
2021-05-04 12:33:24
  • Multiple Updates
2021-04-22 01:40:08
  • Multiple Updates
2020-05-23 00:41:44
  • Multiple Updates
2019-06-08 12:06:18
  • Multiple Updates
2016-10-26 09:22:43
  • Multiple Updates
2016-04-27 01:04:39
  • Multiple Updates
2015-12-05 13:26:39
  • Multiple Updates
2015-06-25 13:28:25
  • Multiple Updates
2015-04-14 09:27:36
  • Multiple Updates
2015-04-11 13:28:48
  • Multiple Updates
2014-11-19 09:24:19
  • Multiple Updates
2014-11-14 13:28:39
  • Multiple Updates
2014-10-17 13:26:44
  • Multiple Updates
2014-10-12 13:27:26
  • Multiple Updates
2014-10-02 13:27:16
  • Multiple Updates
2014-09-18 13:27:24
  • Multiple Updates
2014-09-13 13:43:08
  • Multiple Updates
2014-09-06 13:24:39
  • Multiple Updates
2014-09-04 13:24:42
  • Multiple Updates
2014-09-04 00:22:16
  • Multiple Updates
2014-08-31 13:25:13
  • Multiple Updates
2014-08-28 13:24:42
  • Multiple Updates
2014-08-28 09:22:45
  • Multiple Updates
2014-08-26 00:22:03
  • Multiple Updates
2014-08-23 09:23:54
  • First insertion